OpenClaw Doc Generator

Security checks across malware telemetry and agentic risk

Overview

This documentation helper matches its stated purpose, but it can change README/docs files and its CI example can push generated changes if copied.

Install/use this only where repository file changes are acceptable. Run it on a branch or test copy first, review generated diffs before committing, and do not copy the CI push example unless you intentionally want automation to write back to the repository with limited credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings
Severity: Medium
Confidence: 90%
Finding:
The quick-start instructions present README updates and sync fixes as routine operations without clearly warning that they modify tracked repository files. In practice, a user or downstream agent could run these commands expecting analysis-only behavior and unintentionally overwrite documentation or introduce noisy changes into a codebase.

Missing User Warnings
Severity: Medium
Confidence: 96%
Finding:
The CI/CD example automatically generates docs, commits, and pushes changes to the repository without emphasizing that it performs autonomous repository modification. In automated environments, this can propagate unwanted or attacker-influenced generated content directly into the main branch, increasing supply-chain and integrity risks.

VirusTotal

54/54 vendors flagged this skill as clean.

View on VirusTotal